?
Solved

Using SAMBA with encrypted passwords

Posted on 1998-11-13
11
Medium Priority
?
308 Views
Last Modified: 2013-12-27
Hi there,

I installed samba 1.9.18p10 on a Solaris 2.6 system. I want to access it from a WinNT 4.0 wkst with SP3.

To do this (without having to change the way winnt negotiates passwords) I have to enable encrypted passwords in samba.

Now, as I understand there are primarily two ways:
1) Make a special samba-password file
2) Let another server/domain do the authentication

I want to use method (2), so I would like to just set "security=myserver.bla.bla", where myserver is my NT PDC.
Will this work or do I still need a samba password file. The documentation is a bit ambiguous in that respect ....

Excerpt:
"In this mode Samba will try to validate the
username/password by passing it to another SMB server, such
as an NT box. If this fails it will revert
to "security = user", but note that if encrypted passwords
have been negotiated then Samba cannot revert back to
checking the UNIX password file, it must have a valid
smbpasswd file to check users against."
^^^^^^^^^

If this should be a hard question, I am willing to give more points, but I am sure this should be a pretty standard-situation.

Greetings,

         os
0
Comment
Question by:os012897
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 3

Expert Comment

by:arunm
ID: 2007807
Im slightly confused, using this method what would happen if you attached a NT box that did not have sp3 ie. password encryption. Wouldnt it just be easier (but admittedly less secure!) to use the registry hack to stop NT (sp3) using encrpytion?
   
0
 
LVL 3

Author Comment

by:os012897
ID: 2007808
That is what I am doing right now, but I do not want to have it that way forever.

Basically I think as long as you have a user with identical UID on the NT and UNIX box it should work, as even NT before SP3 used password encryption. The difference is just, that pre-SP3 NT had a default fallback mode where it would also send passwords unencrypted if necessary, which after SP3 isn't the case anymore.

Greetings,

       os

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007809
Due to the lack of responses, Im starting to wonder if what your asking will actually work?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 3

Author Comment

by:os012897
ID: 2007810
Well, maybe I should ask in the WInNT forum .....

os

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007811
Good idea. Why not post a zero question there, indicating the problem and with the url of this thread.

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007812
that should read- zero point question.

0
 
LVL 1

Expert Comment

by:kuehn
ID: 2007813
Have you tried to setup an Wins server? Samba needs wins. Without no login.
0
 
LVL 3

Author Comment

by:os012897
ID: 2007814
Hi kuehn,

I do not have Wins, but I CAN use the shares from the unix-machine. The problem is just, that I cannot use encrypted passwords (SP3) at the moment, see original question.

Greetings,

      os

0
 
LVL 2

Expert Comment

by:cwalter
ID: 2007815
You have 2 things you need to accomplish.

1. Make sure you have something similiar to the following in your smb.conf file:

[global]
   server string = Solaris SMB Server
   local master = no
   preferred master = no
   wins server = wins.domain.com
   domain master = no
   printing = bsd
   printcap name = /etc/printcap
   load printers = yes
   guest account = pcguest
   security = server
   password server = pdc.domain.com    

2. Setup your smbpasswd file with usernames and passwds which match your NT usernames and passwds.
0
 
LVL 3

Author Comment

by:os012897
ID: 2007816
Thanx cwalter,

First off, you will get your points, I would just like to have two things clarified first:

1) I am NOT using wins, is that a problem?
2) What is the smbpasswd good for? Can't I go without one?


Greetings,

          os

0
 
LVL 2

Accepted Solution

by:
cwalter earned 200 total points
ID: 2007817
You don't really need WINS, it is nice to have running, if nothing else your Unix machine could do it. If you don't have WINS running you need to have the NT name match the IP name. So if your PDC is called pdc in NT then the IP name would be pdc.domain.com.

smppasswd is kinda working as a key. Username to encrypted password and vice versa. This way Unix can match the username to the encrypted password which NT expects.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses
Course of the Month11 days, 22 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question